Report: Home users are primary targets for attack
According to Symantec's Internet Threat Report, criminals have, by and large, turned away from attacks on corporate networks. 86 percent of all attacks are aimed at the computers of private users. One reason for this is the continued lack of security measures taken to secure home PCs. While the majority of corporate networks run behind powerful firewalls and in many cases layers of virus filters and intrusion detection systems, many home PCs run without even the protection of a basic software firewall. These targets are easy game for hackers to infect with malicious code that spies on user's activity and data, or that converts the computer into a member of a Bot net.
As already reported in previous versions of the Symantec Threat Reports, greed remains the driving force behind the attacks. Bot net rental for Distributed Denial of Service attacks appears to be well established. Symantec observed roughly 6,000 DoS attacks per day, emanating from almost 60,000 active Bot nets. Symantec counts almost 4.6 million active zombie PCs in all. With 54 percent of all DoS attacks, the USA is at the centre of the activity. The country is also the location of 42 percent of all Bot control servers, meaning that most attacks originate there too. The highest percentage of zombie PCs worldwide is in China, at 20 percent.
According to the report, China and the US appear to be the root of much of the evil on the internet. The US is the leading source of malware of all kinds at 37 percent, followed by China at 10 percent. US spammers also lead the world, at 58 percent, far ahead of China's 13 percent. Canada and South Korea trail far behind, at five percent of the worldwide spam flood respectively. According to the report, spam currently makes up 54 percent of all monitored email traffic.
Phishing remains another important topic. In the first half of 2006, Symantec registered an 81 percent rise in diversity of phishing mails, up to almost 160,000 variants. This reflects growing sophistication by phishers in targeting their victims, including increasing regional and language adaptation in the formulation of the email texts.
At roughly 70 percent, the primary portal for attacks on the PC are flawed web applications. Web browsers in particular are in the attackers' crosshairs, as shown anew by the current holes in Internet Explorer. 22 days will have transpired between the announcement of the hole on 22 September and its (scheduled) patch date of 10 October, nine days longer than Microsoft typically needs for such patches, according to Symantec calculations. At 13 days, Red Hat is relatively fast when it comes to closing holes. Apple tends to take its time: users are forced to wait 37 days on average before updates appear. Sun users, by contrast, need to develop a thick skin when it comes to security holes. The manufacturer requires 89 days on average to close announced security holes.
Symantec is predicting a coming increase in pests using rootkit techniques to avoid detection by virus scanners and the user. They also feel a return to polymorph viruses can be expected. Web 2.0 and technologies like AJAX will offer hackers further, wide latitude in developing new tricks to infect PCs.
- Internet Security Threat Report, Overview from Symantec